About
Shih-Fong Peng, aka Lays
Co-Founder and Researcher of TRAPA Security, NCTU SQLab alumni
Focusing on Vulnerability Research and Reverse Engineering.
- Samsung Mobile Security Hall of Fame 2020
- MSRC 2020 Most Valuable Security Researchers
- MSRC 2019 Most Valuable Security Researchers
CTFs
I used to play CTF with HITCON and 217, we also organized HITCON CTF 2014~2021.
| Year | Name | Ranking | Team |
|---|---|---|---|
| 2020 | DEF CON CTF 2020 Final | 3rd | HITCON ⚔ Balsn |
| 2019 | DEF CON CTF 2019 Final | 2nd | HITCON x BFKinesiS |
| 2018 | DEF CON CTF 2018 Final | 3rd | HITCON |
| 2017 | DEF CON CTF 2017 Final | 2nd | HITCON |
| 2016 | DEF CON CTF 2016 Final | 4th | HITCON |
| 2015 | DEF CON CTF 2015 Final | 4th | HITCON |
| 2019 | WCTF 2019 | 1st | 217 |
| 2017 | WCTF 2017 | 1st | HITCON 217 |
| 2016 | WCTF 2016 | 3rd | HITCON |
| 2018 | Trend Micro CTF 2018 Final | 1st | 217 |
| 2020 | Flare-On Challenge 7 | 13th | |
| 2019 | Flare-On Challenge 6 | 12th | |
| 2018 | Flare-On Challenge 5 | 8th | |
| 2017 | Flare-On Challenge 4 | 8th |
Security Advisories
| CVE | Vendor | Vulnerability |
|---|---|---|
| CVE-2024-55917 | Trend Micro | Trend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2024-36304 | Trend Micro | Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Vulnerability |
| CVE-2024-36303 | Trend Micro | Trend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-6764 | Zyxel | Zyxel Firewall Pre-Authentication Format String Remote Code Execution Vulnerability |
| CVE-2023-6399 | Zyxel | Zyxel Firewall Post-Authentication Format String Remote Code Execution Vulnerability |
| CVE-2023-6398 | Zyxel | Zyxel Firewall Post-Authentication Command Injection Remote Code Execution Vulnerability |
| CVE-2023-6397 | Zyxel | Zyxel Firewall Remote Kernel DoS Vulnerability |
| CVE-2023-52093 | Trend Micro | Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability |
| CVE-2023-35635 | Microsoft | Windows Kernel Denial of Service Vulnerability |
| CVE-2023-4398 | Zyxel | Zyxel Firewall Pre-Authentication DoS Vulnerability |
| CVE-2023-47201 | Trend Micro | Trend Micro Apex One Security Agent Plug-in Manager Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-47200 | Trend Micro | Trend Micro Apex One Security Agent Plug-in Manager Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-47198 | Trend Micro | Trend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-47197 | Trend Micro | Trend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-47196 | Trend Micro | Trend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-47195 | Trend Micro | Trend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-47194 | Trend Micro | Trend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-47193 | Trend Micro | Trend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2023-47192 | Trend Micro | Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability |
| CVE-2023-2910 | ASUSTOR | ASUSTOR Data Master (ADM) Pre-Authentication Command Injection Remote Code Execution Vulnerability |
| CVE-2023-3697 | ASUSTOR | ASUSTOR Data Master (ADM) Pre-Authentication Arbitrary File Creation Vulnerability |
| CVE-2023-3698 | ASUSTOR | ASUSTOR Data Master (ADM) Pre-Authentication Arbitrary File Deletion Vulnerability |
| CVE-2023-34148 | Trend Micro | Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability |
| CVE-2023-34147 | Trend Micro | Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability |
| CVE-2023-34146 | Trend Micro | Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability |
| CVE-2023-34145 | Trend Micro | Trend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability |
| CVE-2023-34144 | Trend Micro | Trend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability |
| CVE-2023-33012 | Zyxel | Zyxel Firewall Pre-Authentication Command Injection Remote Code Execution Vulnerability |
| CVE-2023-33011 | Zyxel | Zyxel Firewall Pre-Authentication Format String Remote Code Execution Vulnerability |
| CVE-2023-33010 | Zyxel | Zyxel Firewall Pre-Authentication Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-33009 | Zyxel | Zyxel Firewall Pre-Authentication Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-32555 | Trend Micro | Trend Micro Apex One Security Agent Time-of-Check Time-of-Use LPE Vulnerability |
| CVE-2023-28771 | Zyxel | Zyxel Firewall Pre-Authentication Command Injection Remote Code Execution Vulnerability |
| CVE-2023-25146 | Trend Micro | Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability |
| CVE-2022-44653 | Trend Micro | Trend Micro Apex One Security Agent Directory Traversal Local Privilege Escalation Vulnerability |
| CVE-2022-41747 | Trend Micro | Trend Micro Apex One Security Agent Improper Certification Validation Local Privilege Escalation Vulnerability |
| CVE-2022-30700 | Trend Micro | Trend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability |
| CVE-2022-4920 | Heap buffer overflow in Blink in Google Chrome | |
| CVE-2021-45441 | Trend Micro | Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability |
| CVE-2021-42011 | Trend Micro | Trend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability |
| CVE-2021-31937 | Microsoft | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2021-28645 | Trend Micro | Trend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability |
| CVE-2021-25253 | Trend Micro | Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability |
| CVE-2020-28940 | Western Digital | Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability |
| CVE-2020-11600 | Samsung | SVE-2019-16587, SVE-2019-16588, SVE-2019-16589: Arbitrary code execution in Fingerprint Trustlet |
| CVE-2020-1421 | Microsoft | LNK Remote Code Execution Vulnerability |
| CVE-2020-0729 | Microsoft | LNK Remote Code Execution Vulnerability |
| CVE-2019-1406 | Microsoft | Jet Database Engine Remote Code Execution Vulnerability |
| CVE-2019-1280 | Microsoft | LNK Remote Code Execution Vulnerability |
| CVE-2019-1188 | Microsoft | LNK Remote Code Execution Vulnerability |
| CVE-2019-0974 | Microsoft | Jet Database Engine Remote Code Execution Vulnerability |
| CVE-2017-18739 | NETGEAR | Pre-Authentication Remote Code Execution |
| CVE-2017-16774 | Synology | Synology DiskStation Manager XSS |